Is my OPT set correctly?
I want to make double sure that no-one who connects to my wireless AP, (aka unsecured, no-virus protection laptop clients) on OPT1 can access my LAN. What I did was:
- Enable OPT1 interface on 10.0.2.1 /24 (LAN is 10.0.0.1/24) and plugged it into my wireless bridge
- Set the firewall for OPT1 to PASS any protocol from any source to destination NOT "lan subnet"
everything else I left default / blank
is that all I have to do? And NOTHING can get over??
You may also want explicit block rules at the top of your list on LAN and your wireless (one on LAN to block access to wireless subnet and one on the wireless to block access to LAN subnet).